Alternative to running --no-sandbox on Posit Workbench  #178

Open
@fh-mthomson

Separating out from rstudio/rstudio#12960 (comment)

In order to run chromote in Posit Workbench, I needed to manually specify --no-sandbox.

Is this expected?

  • If not, any ideas on what could be wrong with my setup (using a version of Posit's Docker images)?
  • If so, can that be automated via the package (e.g., flags here)?

Reprex:

chromote::set_chrome_args(chromote:::default_chrome_args())

b <- chromote::ChromoteSession$new()
#> Error in `with_random_port()`:
#> ! Cannot find an available port. Please try again.
#> Caused by error in `startup()`:
#> ! Failed to start chrome. Error: Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
#> [0703/000005.639233:FATAL:zygote_host_impl_linux.cc(201)] Check failed: . : No space left on device (28)
#> [0703/000005.649603:ERROR:file_io_posix.cc(145)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
#> [0703/000005.649699:ERROR:file_io_posix.cc(145)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
#> [0100/000000.668105:ERROR:zygote_linux.cc(673)] write: Broken pipe (32)
chromote:::default_chrome_args()
#> [1] "--force-color-profile=srgb" "--disable-extensions"      
#> [3] "--mute-audio"

  • Solution: specify --no-sandbox (not a default arg, likely intentionally given security considerations)

chromote::set_chrome_args(c(chromote:::default_chrome_args(), "--no-sandbox"))
b <- chromote::ChromoteSession$new()

More detail

--no-sandbox is seemingly bypassed, since each of the cases is FALSE on Workbench (reference)

chromote:::is_inside_ci()
#> [1] FALSE
chromote:::is_inside_docker()
#> [1] FALSE
chromote:::is_missing_linux_user()
#> [1] FALSE

While there's a comment in the function here

# > Note: --no-sandbox is not needed if you properly setup a user in the container.
# https://developers.google.com/web/updates/2017/04/headless-chrome

It's unclear whether there is additional Docker-level setup to create a user profile in Workbench. Of note, there is almost surely always an id available in user sessions, as referenced by is_missing_linux_user(). Illustrative (redacted):

> system("id")
uid=12345678(user.name) gid=123450001(user.name) groups=....

In the same Docker image, built locally:

chromote:::is_inside_ci()
#> [1] FALSE
chromote:::is_inside_docker()
#> [1] TRUE
chromote:::is_missing_linux_user()
#> [1]  FALSE
chromote:::default_chrome_args()
#> [1] "--no-sandbox"               "--disable-dev-shm-usage"   
#> [3] "--force-color-profile=srgb" "--disable-extensions"      
#> [5] "--mute-audio"       
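
The "Failed to move to new namespace ... Operation not permitted" error in the reprex comes from Chrome's sandbox trying to create Linux namespaces. The shell function below is an added example, not code from the original issue or from chromote: it lists kernel and container settings that can block unprivileged user namespaces, so the cause can be identified before falling back to --no-sandbox. The function name `sandbox_blockers` and its optional root-directory argument are hypothetical, and the issue does not establish which, if any, of these settings applies on Workbench.

```shell
#!/bin/sh
# Added example (not from the issue or from chromote): print settings that
# can stop Chrome's namespace sandbox from starting for an unprivileged user.
# The optional argument is a directory prefix; it exists only so the checks
# can be pointed at a constructed tree. With no argument the live /proc is read.
sandbox_blockers() {
    root="${1:-}"

    # A limit of 0 forbids creating user namespaces; the kernel then
    # returns ENOSPC, whose message is "No space left on device".
    f="$root/proc/sys/user/max_user_namespaces"
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
        echo "user.max_user_namespaces=0"
    fi

    # Debian/Ubuntu kernels only; the file is absent elsewhere.
    f="$root/proc/sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
        echo "kernel.unprivileged_userns_clone=0"
    fi

    # Ubuntu 23.10 and later: AppArmor restriction on unprivileged user namespaces.
    f="$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo "kernel.apparmor_restrict_unprivileged_userns=1"
    fi

    # "Seccomp: 2" means a syscall filter is installed, as container runtimes
    # do by default; such a filter may deny unshare/clone with EPERM.
    f="$root/proc/self/status"
    if [ -r "$f" ] && grep -Eq '^Seccomp:[[:space:]]*2$' "$f"; then
        echo "seccomp filter active (may deny unshare/clone)"
    fi

    return 0
}
```

Run `sandbox_blockers` with no argument in the Workbench terminal; empty output means none of these four settings is the blocker.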
